IDSM-2 vs Netsky.aa

Hello! My IDSM-2 (ver. 5.0.5 with latest signature updates) on Cat6513 (CatOS) doesn't catch Netsky.aa virus, while my antivirus software does... Why? How I can drop the Netsky.aa activity with IDSM?
Thanks in advance.

Seeing as we partner with TrendMicro for virus and malware, we also happen to use their naming convention. I was able to cross reference some of the list you submitted, coverage as noted below.
That said, the IDS/IPS is a network intrusion sensor, not an antivirus solution. We provide coverage for viris/worms/malware that are fast breaking and pose significant risk to the end customer, but we do not cover every threat out there. For virus/worms/malware that are elevated to a High severity on TrendMicro's site, you'll see a signature on the IDS platform for it.
To my knowledge, there are no plans to incorporate anti-spam filtering on the IDS/IPS platforms at this time. Frankly, it doesn't make much sense to me to have your IDS filter for spam, but that's just my opinion.
Email-Worm.Win32.NetSky.q
3136-5 Netsky.Q pif
Email-Worm.Win32.Sober.y
Is known as WORM_SOBER.AG to TrendMicro and is covered by signature 3137-6
Email-Worm.Win32.Bagle.dx
Is known as WORM_BAGLE.BM to TrendMicro, rated as low, no signature.
Email-Worm.Win32.NetSky.b
We don not cover the B variant, but do cover the following: c,d,e,k,j,p,q,s,x,y,ab,z
Did a quick search on Trend's site, but didn't find a match to these:
Email-Worm.Win32.Doombot.b
Net-Worm.Win32.Mytob.q
Net-Worm.Win32.Mytob.c
Net-Worm.Win32.Bobic.k
Email-Worm.Win32.Bagle.gen
Email-Worm.Win32.Bagle.bw

Similar Messages

  • Idsm-2 problem: sensor upgrade from 4.1 to 5 or higher

    Hi all,
    I have a problem with my IDSM-2 module. I'm trying to sensor upgrade from IDS to IPS software (from 4.1 version to 5.x or higher).
    If I do this from sensor under "admin user" and use major patch - IPS-K9-maj-5.0-1e-S149.rpm.pkg then I receive error:
    "Error: idsPackageMgr: digital signature of the update file was not valid, use CCO to replace corrupted file ".
    But file "IPS-K9-maj-5.0-1e-S149.rpm.pkg" is NOT corrupted. I cheked it under "service user" with md5sum utility - checksum is correct.
    If I try to upgrade from maintance mode (ie re-image with wipe all information in application partition) then I receive:
    "Application image upgrade complete. You can boot the image now.
    Partition upgraded successfully"
    Next, I'm reboot IDSM-2 module and receive:
    "000133: Sep 7 15:10:18.622 MSK/MDD: %HA_EM-6-LOG: Mandatory.go_bootup.tcl: GOLD EEM TCL policy for boot up diagnostic
    000134: Sep 7 15:10:18.290 MSK/MDD: %DIAG-SP-3-MAJOR: Module 4: Online Diagnostics detected a Major Error. Please use 'show diagnostic result <target>' to see test results.
    000135: Sep 7 15:10:18.294 MSK/MDD: %CONST_DIAG-SP-3-BOOTUP_TEST_FAIL: Module 4: TestPCLoopback failed on port(s) 3-4
    000136: Sep 7 15:10:19.170 MSK/MDD: %OIR-SP-3-LC_FAILURE: Module 4 has Major online diagnostic failure, Card will be reset to re-run diagnostic. Please check sup-bootflash diaginfo file for previous detailed diagnostic result.
    000137: Sep 7 15:10:19.170 MSK/MDD: %OIR-SP-3-PWRCYCLE: Card in module 4, is being power-cycled 'off (Diagnostic Failure)'
    000138: Sep 7 15:10:19.170 MSK/MDD: %C6KPWR-SP-4-DISABLED: power to module in slot 4 set off (Diagnostic Failure)"
    ie module go to the "PwrDown" state.
    I try to upgrade for next firmware:
    IPS-K9-maj-5.0-1e-S149.rpm.pkg
    IPS-IDSM2-K9-sys-1.1-a-7.0-5a-E4.bin.gz
    IPS-K9-7.0-5a-E4.pkg
    IPS-K9-maj-5.0-1e-S149.rpm.pkg
    WS-SVC-IDSM2-K9-sys-1.1-a-5.0-1.bin.gz
    and did not get success
    chassis - 6509-e, sup - VS-S720-10G + VS-F6K-PFC3C, ios - s72033-adventerprisek9_wan-mz.122-33.SXI6.bin
    maintance software for IDSM-2 module - 3.4(2)m
    Could you please help me? Thanks in advance!

    I have a problem with my IDSM-2 module. I'm trying to sensor upgrade from IDS to IPS software (from 4.1 version to 5.x or higher). If I do this from sensor under "admin user" and use major patch - IPS-K9-maj-5.0-1e-S149.rpm.pkg then I receive error: "Error: idsPackageMgr: digital signature of the update file was not valid, use CCO to replace corrupted file ". But file "IPS-K9-maj-5.0-1e-S149.rpm.pkg" is NOT corrupted. I cheked it under "service user" with md5sum utility - checksum is correct.
    It has been a long time since I've seen a sensor running 4.1 or an upgrade to 5.0(1e) . If I recall correctly, there were some issues with upgrading if you were running a release from the 4.1 train earlier than 4.1(4). Additionally, the upgrade from 4.1 -> 5.0 includes a configuration conversion (due to differences between the software trains), which was prone to failure depending on the presence of certain configuration options.
    Unless you absolutely need to keep the existing configuration, you would save yourself time and effort by simply re-imaging the sensor directly to the desired release. Modern (supported) releases would be either 7.0(5a)E4 or 6.2(3)E4.
    Next, I'm reboot IDSM-2 module and receive:"000133: Sep 7 15:10:18.622 MSK/MDD: %HA_EM-6-LOG: Mandatory.go_bootup.tcl: GOLD EEM TCL policy for boot up diagnostic000134: Sep 7 15:10:18.290 MSK/MDD: %DIAG-SP-3-MAJOR: Module 4: Online Diagnostics detected a Major Error. Please use 'show diagnostic result ' to see test results.000135: Sep 7 15:10:18.294 MSK/MDD: %CONST_DIAG-SP-3-BOOTUP_TEST_FAIL: Module 4: TestPCLoopback failed on port(s) 3-4000136: Sep 7 15:10:19.170 MSK/MDD: %OIR-SP-3-LC_FAILURE: Module 4 has Major online diagnostic failure, Card will be reset to re-run diagnostic. Please check sup-bootflash diaginfo file for previous detailed diagnostic result.000137: Sep 7 15:10:19.170 MSK/MDD: %OIR-SP-3-PWRCYCLE: Card in module 4, is being power-cycled 'off (Diagnostic Failure)'000138: Sep 7 15:10:19.170 MSK/MDD: %C6KPWR-SP-4-DISABLED: power to module in slot 4 set off (Diagnostic Failure)"
    I would try re-imaging the sensor once more using the IPS-IDSM2-K9-sys-1.1-a-7.0-5a-E4.bin.gz System Recovery Image file found here, following the procedure described here. If the module still fails to boot after that (still citing a Diagnostic Failure), try moving it to another slot in the chassis (if possible).
    What color is the IDSM-2 Status LED (on front of module) when it is in this state? An RMA may be necessary to resolve this.

  • How can i use IDSM-2 in inline mode for more than two VLANs?

    can i use the IDSM-2 in inline mode to be ips to more than two VLANS
    like this or it isn't
    intrusion-detection module 5 data port 1 access-vlan 10,20,30,40,50
    intrusion-detection module 5 data port 1 access-vlan 100,200
    thank u all for your help

    The IDSM-2 ports need to be configured as trunk ports with multiple vlans rather than as access ports.
    http://www.cisco.com/en/US/partner/products/hw/vpndevc/ps4077/products_configuration_guide_chapter09186a00807517eb.html#wp1068377
    And instead of creating an inline interface pair by pairing Gig0/7 with Gig0/8 within the IDSM-2 configuration, you would create inline vlan pairs.
    With an inline vlan pair you pair 2 vlans on the same interface.
    You can have up to 255 inline vlan pairs on each interface (assumining you keep the total traffic from all of the pairs within the IDSM-2s performance limit of around 500Mbps)
    How to create inline vlan pairs:
    http://www.cisco.com/en/US/partner/products/hw/vpndevc/ps4077/products_configuration_guide_chapter09186a00807517bb.html#wp1047852
    The other aspect you need to be aware of is that not all IOS versions will support configuring the IDSM-2 data ports as trunk ports for inline vlan pairs.
    Your best bet is to use 12.2(18)SXF4 or a later version on the 12.2(18)SXF train.
    The 12.2(33)SR train does not currently support the trunk feature for the IDSM-2.

  • Question on Network and Host Blocking feature of IDSM

    Hi there,
    Is the IDSM capable of blocking host and network by itself through manual blocking. Or is it just capable of sending the blocks to its managed devices. Thanks

    There is a confusion in terms.
    Blocking refers to the sensor's ability to create ACLs or Shun lists on other devices.
    It requires that you setup the sensor to connect to that other device.
    Denying on the other hand refers to the sensor's ability to be deployed InLine and for the sensor itself to drop the offending packets.
    The Host Blocking panel is only for the Blocking feature. The Host Blocking panel does not control what an InLine Sensor will "Deny".
    At this time the sensor does not support the user manually adding IP Addresses to the sensor's Denied Attacker list.
    User's may view the current list, clear counters for the list, or remove attacker ip addresses from the list. But may not manually add addresses to the list.
    Addresses are added to the Denied Attacker list Only when signatures are triggered with one of the deny-attacker-.... event actions.
    You can view the Denied Attacker List through IDM:
    http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/csids13/idmguide/dmmntr.htm#wp1029926
    The Deny Actions do require that the sensor be deployed InLine and will not work on sensor's deployed Promiscuously.

  • IDSM comand lines removal from 6509 vss switch

    Hi in our network we have implimented VSS withtwo Cisco 6509 -Eswitches. In these switch I have installed IDS module and following are my IDS configurations.
    intrusion-detection switch 1 module 4 management-port access-vlan 21
    intrusion-detection switch 2 module 4 management-port access-vlan 21
    intrusion-detection switch 1 module 4 data-port 1 trunk allowed-vlan 27,31
    intrusion-detection switch 2 module 4 data-port 1 trunk allowed-vlan 27,31
    intrusion-detection switch 1 module 4 data-port 1 autostate include
    intrusion-detection switch 2 module 4 data-port 1 autostate include
    Whenever I am restarting any node of my VSS the last two lines of the IDS configuration disappears and i need to reenter this manually.
    "intrusion-detection switch 1 module 4 data-port 1 autostate include
    intrusion-detection switch 2 module 4 data-port 1 autostate include"
    Following are my switch details.
    Switch model : WS-C6509-E
    SUP module : VS-S720-10G
    IDS module details : WS-SVC-IDSM-2
    IDS firmware : 7.2(1)
    IDS software : 6.2(3)E4
    I dont understand what causes this problem and during reboot of any VSS node why this configuration is not getting replicated to the othet node?
    Please help me...

    intrusion-detection switch 1 module 4 data-port 1 autostate include portfast
    set this command and check !!!!

  • How to power up IDSM-2

    Hi
    I have Cat6509 with IDSM-2 in PwdDown state.
    How can I power up the blade ?
    Thanks in advance for your help

    I believe issuing a reset command to the IDSM-2 from the Catalyst’s CLI will do this.
    The following information was taken from the online installation guide: (http://www.cisco.com/en/US/products/sw/secursw/ps2113/products_installation_and_configuration_guide_chapter09186a008035809d.html)
    Catalyst Software
    To reset the IDSM-2 from the CLI, follow these steps:
    Step 1 Log in to the console.
    Step 2 Enter privileged mode:
    Console> enable
    Step 3 Reset the IDSM-2 to the application partition or the maintenance partition:
    Console> (enable) reset module_number [hdd:1/cf:1]
    Cisco IOS Software
    To reset the IDSM-2 from the CLI, follow these steps:
    Step 1 Log in to the console.
    Step 2 Enter privileged mode:
    Router# configure terminal
    Step 3 Reset the IDSM-2:
    Router# hw-module module module_number reset [hdd:1/cf:1]
    I hope this helps,
    Alex Arndt

  • Configuring IDSM in promiscuous mode?

    Hello,
    I have two switch catalyst 6500 in VSS each with a IDSM module, I want monitor four VLANs three of them are vlans of users and one of servers, I am planning use VACLs to capture the traffic.
    My first quetion is how to configure the data ports of IDSM in promiscuous mode, if in the configuration guide say that by default the data ports are in promiscuous mode, so that means that I don't have to make any configuration in the data ports of IDSM?
    Second, if I have two switches 6500 in vss each with a IDSM module, I have to consider other configurations for this situation?
    The configuration of VACL that I will put is:
    ip access-list extended ACL_IPS
      permit ip any any
    vlan access-map VACL_IPS 10
      match ip address ACL_IPS
      action forward
    vlan filter VACL_IPS vlan-list 30 , 40 , 50 , 100
    intrusion-detection switch 1 module 4 data-port 1 capture allowed-vlan 30,40,50,100
    intrusion-detection switch 1 module 4 data-port 1 capture
    intrusion-detection switch 1 module 4 data-port 1 autostate include
    intrusion-detection switch 2 module 4 data-port 1 capture allowed-vlan 30,40,50,100
    intrusion-detection switch 2 module 4 data-port 1 capture
    intrusion-detection switch 2 module 4 data-port 1 autostate include
    Thanks for the help.

    The IDSM doesn;t need any special commands to inspect traffic in Promiscious mode.
    You'll want to put your IDSM management interfaces on a VLAN to talk with them:
    intrusion-detection module 4 management-port access-vlan 99
    Use the "forward capture" switch:
    vlan access-map VACL_IPS 10
      match ip address ACL_IPS
      action forward capture
    Get rid of the spaces between your VLAN numbers
    vlan filter VACL_IPS vlan-list 30,40,50,100
    If you put two IDSMs in teh same chassis you'll need to decide how to split traffic between them. You can assign different VLANs to each IDSM.
    - Bob

  • Configuring the Catalyst 6500 Switch for IPS Inline Operation of the IDSM

    I understand how to configure the Catalyst 6500 switch so that the monitoring ports are access ports in two separate VLAN's for inline operation.
    However, I don't see any documentation that describes how the desired VLAN traffic gets forced through the IPS.
    In promiscuous mode, you can use VACL's to copy/capture and forward the desired traffic to the IDSM for analysis. I'm not seeing how to get the desired traffic through the IPS.
    Note that the host 6500 is running native IOS 12.2(18)SXE.
    Thanks for any assistance.

    A tranparent firewall is a fairly good comparison.
    Let's say you have vlan 10 with 100 PCs and 1 Router for the network.
    If you want to apply a transparent firewall on that vlan you can not simply put one interface of the firewall on vlan 10. Nothing would go through the firewall.
    Instead you have to create a new vlan, let's say 1010. Now you place one interface of the firewall on vlan 10 and the other on vlan 1010. Still nothing is going through the firewall. So now you move that Router from vlan 10 to vlan 1010. All you do is change the vlan, the IP Address and netmask of the router stay the same.
    The transparent firewall bridges vlan 10 and vlan 1010. The PCs on vlan 10 ae still able to communicate to and through the router, but must go through the transparent firewall to do so.
    The firewall is transparent because it does not IP Route between 2 vlans, instead the same IP subnet exists on both vlans and the firewall transparently beidges traffic between the 2 vlans.
    The transparent firewall can do firewalling between the PCs on vlan 10 and the Router on vlan 1010. But is PC A on vlan 10 talks to PC B on vlan 10, then the transparent firewall does not see and can not block that traffic.
    An InLine sensor is very similar to the transparent firewall and will bridge between the 2 vlans. And similarly an InLine sensor is able to InLine monitor traffic between PCs on vlan 10 and the Router on vlan 1010, but will not be able to monitor traffic between 2 PCs on vlan 10.
    Now the router on one vlan and the PCs on the other vlan is a typical deployment for inline sensors, but your vlans do not Have to be divided that way. You could choose to place some servers in one vlan, and desktop PCs in the other vlan. You subdivide the vlans in what ever method makes sense for your deployment.
    Now for monitoring multiple vlans the same principle still applies. You can't monitor traffic between machines on the same vlan. So for each of the vlans you want to monitor you will need to create a new vlan and split the machines between the 2 vlans.
    In your case with Native IOS you are limited to only 1 pair of vlans for InLine monitoring, but your desired deployment would require 20 vlan pairs.
    The 5.1 IPS software has now the capability to handle the 20 pairs, but the Native IOS software does not have the capability to send the 40 vlans (20 pairs) to the IDSM-2.
    The Native IOS changes are in testing right now, but I have not heard a release date for those changes.
    Now Cat OS has already made these changes. So here is a basic breakdown of what you could do in Cat OS and you can use in preparation for a Native IOS deployment when it gets released.
    For vlans 10-20, and 300-310 that you want monitored you will need to break each of those vlans in to 2 vlans.
    Let's say we make it simple and add 500 to each vlan in order to create the new vlan for each pair.
    So you have the following pairs:
    10/510, 11/511, 12/512, etc...
    300/800, 301/801, 302/802, etc....
    You set up the sensor port to trunk all 40 vlans:
    set trunk 5/7 10-20,300-310,510-520,800-810
    (Then clear all other vlans off that trunk to keep things clean)
    In the IDSM-2 configuration create the 20 inline vlan pairs on interface GigabitEthernet0/7
    Nw on each of the 20 original vlans move the default router for each vlan from the original vlan to the 500+ vlan.
    At this point you should ordinarily be good to go. The IDSM-2 won't be monitoring traffic that stays within each of the original 20 vlans, but Would monitor traffic getting routed in and out of each of the 20 vlans.
    Because of a switch bug you may have to have an additional PC moved to the same vlan as the router if the switch/MSFC is being used as the router and you are deploying with an IDSM-2.

  • IDSM-2 load balancing on inline mode is it possible ..?

    Hi there .. I am currenty working on a project and need to find out as to whether etherchanelling load balancing can be configured between several IDSM-2 running on inline mode. The IPS 5.1 admin guide states that it is possible for IOS based switches having the IDSM-2 configured on promiscuous mode, however I have heard that it might also be possible to configure etherchannelling load balance when the IDSM-2 are on inline mode. Any help .. commments will be appreciated .. any links to refer to will be even better
    Thanks !!!

    To configure EtherChannel load balancing on IDSM-2, you must install Cisco IOS 12.2(18)SXE and have Supervisor Engine 720. Cisco IOS only supports promiscuous IDSM-2 EtherChanneling using VACL capture (not SPAN or monitor). Refer the URL
    http://www.cisco.com/en/US/products/hw/vpndevc/ps4077/products_configuration_guide_chapter09186a008055df92.html#wp1044800

  • Setting the access-list on a IDSM blade

    I have a IDSM blade for a 6500 series switch. I need to modify the administrative access-list from the CLI so I can get into it remotely and with CME
    I see in the config entries like this
    access-list 192.168.100.10/32
    I assume this is the section for authorized hosts to access the IDSM
    but I can't figure out how to add an entry?
    any advice would be great

    on the console you can add entries the following way:
    in conf-mode:
    service host
    network-settings
    access-list 10.10.10.0/24 ! or whatever you want to add
    exit
    exit
    answer "yes" to apply changes
    exit
    !(ready)
    Sent from Cisco Technical Support iPad App

  • IDSM should protect serverfarm on FWSM form outside/inside threats

    Hi all,
    We have 6509 with FWSM and IDSM.All vlans (servers,voice,users etc) are homed directly on the FWSM.We need to protect the serverfarm vlan from attacks originating from both inside and outside. All traffic comming from outside and headed for the servers as well as traffic from user vlans needs to be intercepted.So i am planning to put IDSM in inline vlan pair mode.Also i want the internet traffic first to hit fwsm and then idsm.
    Single digit vlan exist on MSFC, double digit vlans pushed to FWSM. Bridging done by IDSM
    MSFC
    vlan 2
    name SERVER-IDSM
    vlan 3
    name INTERNET-IDSM
    vlan 4
    name USER-IDSM
    vlan 22
    name SERVER-FWSM
    vlan 33
    name INTERNET-FWSM
    vlan 44
    name USER-FWSM
    intrusion-detection module 4 data-port 1 trunk allowed-vlan 3,4
    // Here vlan 3 (Internet) goes into IDSM and then FWSM. But i want traffic from internet to go to FWSM and then IDSM
    interface g2/3
    switchport
    switchport mode access
    switchport access vlan 3
    description INTERNET
    IDSM
    conf t
    service interface
    physical-interfaces g0/2
    admin-state enabled
    description INTERNET
    duplex full
    speed 1000
    subinterface-type inline-vlan-pair
    subinterface 1
    vlan1 4 //bridging
    vlan2 44
    description INSPECT-USER-TRAFFIC
    subinterface 2
    vlan1 3 //briding
    vlan 33
    description INSTECT-INTERNET-TRAFFIC
    service analysis-engine
    virtual-sensor
    physical-interface g0/2 subinterface-number 1
    physical-interface g0/2 subinterface-number 2
    My primary aim is :-
    1) All user traffic should first go to FWSM and then to IDSM and then if OK to servers
    2) All internet traffic (from outside) headed to servers should first go to FWSM and then IDSM and then if OK to servers
    How can this be achieved? I think the configuration posted above places IDSM in front of FWSM which is opposite of what i want
    Regards.
    Sonu,

    By deploying the FWSM in front of the server farm, security is provided both to and from the server farm and between each server farm tier. I think the config you have provided will work.

  • How to recover IDSM-2 password (without know any password)

    Hi,
    We have a IDSM-2 system card in 6500 system. Unfortunately, we lost tracking the login/password. I have read Cisco doc# 13837. It req to know either admin username/password or service username/password to do password recovery. I do not have those info (and tried). The last method suggested is to re-image IDSM-2 (IOS). I am wondering there is a better way to recover password like other switch..(such as hold mode to reboot switch) without re-image. Here is the card info:
    "WS-SVC-IDSM-2 8 ports Intrusion Detection System Rev. 6.1"
    Any help would be greatly appreciated.
    gy

    A "re-image" is necessary, but it is not a standard re-image.
    Instead there is a special image file that ONLY sets the cisco password back to the default "cisco". It doesn't change anything else on the system.
    Download the password recovery image file WS-SVC-IDSM2-K9-a-6.1-password-recovery.bin.gz from:
    http://tools.cisco.com/support/downloads/go/ImageList.x?relVer=6.1%281%29E1&mdfid=277997776&sftType=Intrusion+Prevention+System+%28IPS%29+System+Software&optPlat=&nodecount=29&edesignator=null&modelName=Cisco+Catalyst+6500+Series+Intrusion+Detection+System+%28IDSM-2%29+Services+Module&treeMdfId=268438162&modifmdfid=null&imname=&treeName=Security&hybrid=Y&imst=N
    To "install" this special password recovery file you will follow the System Re-Image instructions, but use this special file instead of the standard System Image file.
    http://www.cisco.com/en/US/docs/security/ips/6.1/configuration/guide/cli/cli_system_images.html#wp1031426
    This is discussed very briefly in the CLI guide:
    http://www.cisco.com/en/US/docs/security/ips/6.1/configuration/guide/cli/cli_troubleshooting.html#wp1139735

  • Authentication on an IDSM-2?

    I have a requirement to have Authentication on our network devices using RSA Secure tokens or restrict it's mgmt interface from the network.
    So far I am using AAA through the ACS to accomplish this but I can find nothing about AAA for the IDSM-2.
    Does AAA exist for the IDSM-2 or does anyone have another suggestion for said devices?
    Thanks!
    (Current HW setup. Will be upgrading to 720's soon but my security deadline is looming sooner.)
    Mod Slot Ports Module-Type Model Sub Status
    1 1 2 1000BaseX Supervisor WS-X6K-SUP2-2GE yes ok
    15 1 1 Multilayer Switch Feature WS-F6K-MSFC2 no ok
    2 2 16 1000BaseX Ethernet WS-X6516-GBIC no ok
    3 3 16 10/100/1000BaseT Ethernet WS-X6516-GE-TX no ok
    4 4 16 10/100/1000BaseT Ethernet WS-X6516-GE-TX no ok
    13 13 8 Intrusion Detection Mod WS-SVC-IDSM-2 yes ok

    Cisco Traffic Anomaly Detector Module:
    Authentication, Authorization, and Accounting (AAA) Support
    Integrates with AAA through TACACS+
    Privilege-level and command-level authorization and accounting
    http://www.cisco.com/en/US/products/hw/modules/ps2706/products_data_sheet0900aecd80220a6e.html

  • IDSM-2 Mode - Best Practice

    Hi All,
    I'm gonna deploy two 6500 switches with FWSM, IDSM and ACE modules. My network consist of Voice vlan, Server vlan, Application vlan and some user vlans. I will also have other devices like CSMAR, ACS etc.
    My question is which IDSM mode (promiscuous/inline) should i configure in my scanerio and also which mode is suitable for voice because i've read somewhere that inline mode add delay in traffic.
    Waiting your feedback
    Regards

    Hi,
       Go through these links :
    http://help.sap.com/saphelp_nw2004s/helpdata/en/e7/47dd1613d14c449ce2a3f1461d8c87/content.htm
    http://help.sap.com/saphelp_dm40/helpdata/en/8b/4ffd9b07474279b3bbee75a60db41f/content.htm
    Regards
    Suvarna

  • Trouble Installing license on IDSM-2

    Hi,
    I got my license for an IDSM-2 that I am installing (used serial number of IDSM to get it). When I go to install it, whether via the CLI or through the web interface I am informed that the license in no good...
    Here's the message from the CLI:
    Error: setLicenseKey : The license key on the system is invalid.
    Here's the output from the "show version" command:
    pcsd-suth-ids# sho ver
    Application Partition:
    Cisco Intrusion Prevention System, Version 5.0(2)S152.0
    OS Version 2.4.26-IDS-smp-bigphys
    Platform: WS-SVC-IDSM2-BUN
    No license present
    Sensor up-time is 7 min.
    Using 236765184 out of 1983660032 bytes of available memory (11% usage)
    system is using 17.3M out of 29.0M bytes of available disk space (59% usage)
    application-data is using 28.7M out of 166.8M bytes of available disk space (18
    usage)
    boot is using 40.5M out of 68.6M bytes of available disk space (62% usage)
    application-log is using 530.5M out of 2.8G bytes of available disk space (20%
    sage)
    MainApp 2005_Mar_04_14.23 (Release) 2005-03-04T14:35:11-0600 Run
    ing
    AnalysisEngine 2005_Mar_29_16.33 (Release) 2005-03-29T16:45:11-0600 Run
    ing
    CLI 2005_Mar_04_14.23 (Release) 2005-03-04T14:35:11-0600
    Upgrade History:
    IDS-K9-sp-5.0-1.2- 14:00:00 UTC Thu Mar 17 2005
    Maintenance Partition Version 2.1(2)
    Recovery Partition Version 1.1 - 5.0(2)
    Any ideas as to where to start? is there any chance that the license file could be no good? I double-checked that it was not modified after receiving it in e-mail...
    Thanks,
    Tim

    This URL should help you:
    http://www.cisco.com/en/US/products/hw/vpndevc/ps4077/products_configuration_guide_chapter09186a00804cf52f.html

Maybe you are looking for

  • How do I download Photoshop CS5 on my Mac OS 10.7 Lion?

    I just paid for my photoshop CS5 extended, and am trying to install.  The Akamai Download manager says that it is not compatible with the Mac OS 10.7.  I know there is a way around this what do I do?

  • Connection Problems G5 Internal Airport Card

    Hello, I just bought a Quad G5 and seperately an Airport Extreme Card to go inside so that I can connect wirelessly to the internet. The card is being recognized by the computer, but I'm getting no signals... and usually with my laptop I'll get not o

  • After a month, still cannot install X

    I bought an X-Fi XtremeMusic more than a month ago and have been battling to get it or the RMA'd replacement I got to work. I have an nforce-based mobo, so I initially thought I might have the EEPROM issue. But alas, the replacement is also not worki

  • Onlybalances on local currency - incorrect foreign currency valuation

    Dear all, I have the following problem: My customer created some manual accounts and did tick the box for only balances in local currency. Now my customer wanted to do foreign currency valuation on these accounts. I told the customer to make balance

  • Technical upgrade from 4.6c to 6.0ecc with unicode conversion

    Hi Experts, Can you explain me technical upgrade from 4.6c to 6.0ecc with Unicode conversion. if u got any notes pls send it to [email protected] vijay